Python users get what they deserve

I don't really get what's going on. But as long as codecells are unhappy then I'm fine with it

This issue thread is quite bizarre. The maintainer is quite right in asking how something can be exploited and upon reading the discussions here it does seem to boil down to "you use pickle", which is rather silly. The example exploit code in the linked PR boils down to:

os.system("echo hacked")

If someone could post a snippet showing how a user-inputted string makes its way into pickle then we have an actual exploit on our hands.
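
For readers who do end up with external bytes reaching pickle, the standard mitigation is an allow-listing Unpickler. The example below is added here and is not code from the thread, the PR, or the library under discussion; it constructs its own sample pickles (one benign record, one that merely references os.system as a global, with no call encoded) and shows the restricted loader accepting the first and refusing the second before any referenced object is resolved.

```python
import io
import os
import pickle
from collections import OrderedDict


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only an allow-list of globals.

    Every GLOBAL/STACK_GLOBAL opcode goes through find_class, so refusing
    here means a later REDUCE opcode never has a callable to invoke.
    """

    # Assumption for this demo: only these importable names are ever legitimate.
    ALLOWED = {
        ("collections", "OrderedDict"),
        ("builtins", "set"),
        ("builtins", "frozenset"),
    }

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


# Constructed inputs. BENIGN uses an allow-listed global (OrderedDict).
# REFERENCES_OS_SYSTEM only stores the import path of os.system; pickling a
# function never calls it, and only the loader would resolve the name.
BENIGN = pickle.dumps(OrderedDict(event="login", user="alice", tags={"audit"}))
REFERENCES_OS_SYSTEM = pickle.dumps(os.system)


def classify(data: bytes) -> str:
    """Return 'loaded' if the restricted loader accepts data, else 'rejected'."""
    try:
        restricted_loads(data)
        return "loaded"
    except pickle.UnpicklingError:
        return "rejected"


if __name__ == "__main__":
    print(classify(BENIGN))                # loaded
    print(classify(REFERENCES_OS_SYSTEM))  # rejected
```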

Ah yes indubidably

:#marseysmoothbrain:

I'll try to explain a simpler example the maintainer gave. loguru is a library for logging events as software runs, which is useful for debugging and monitoring a program. Someone showed that if you pass it malicious code through an internal method, it will execute that malicious code. The maintainer is asking, "Why the fuck are you passing in malicious code through an internal method? This is like saying internal python functions like os.system are also insecure because you can run arbitrary code through them as well."

ni🅱🅱a just use cout<<

:#marseytv:
